EIP-2026-118918

PRE-CVE

ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118918. PoCs published by Lavakumar Kuppan.

AI-analyzed exploit summary This is a detailed writeup describing a vulnerability in ModSecurity Core Rules that allows bypassing SQL injection filters by exploiting differences in how duplicate HTTP parameters are handled by ModSecurity and ASP/ASP.NET applications. The technique involves splitting malicious payloads across multiple parameters to evade detection.

Description

ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED
by Lavakumar Kuppan · textremotewindows
https://www.exploit-db.com/exploits/8930

This is a detailed writeup describing a vulnerability in ModSecurity Core Rules that allows bypassing SQL injection filters by exploiting differences in how duplicate HTTP parameters are handled by ModSecurity and ASP/ASP.NET applications. The technique involves splitting malicious payloads across multiple parameters to evade detection.

Classification
Writeup 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: ModSecurity <= 2.5.9 using ModSecurity Core Rules <= 2.5-1.6.1
No auth needed
Prerequisites: Target application must be ASP/ASP.NET · ModSecurity with Core Rules must be in use
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026